Re: SOX Question
Date: Tue, 2 Jun 2009 13:05:10 -0700
On Tue, Jun 2, 2009 at 12:44 PM, Tim Gorman <tim_at_evdbt.com> wrote:
> Authenticate, authorize, and audit: it strikes me that if a change
> management system can do those three things reliably and securely, you can't
> be too far off. Lack of separation of duties might still get dinged in a
> SOX audit, but it's something the organization can probably negotiate.
Change management is as much about recording what happened and who did it as it is about authorizing changes.
As has been stated and implied, SOX is nebulous and is really a set of
negotiated with your SOX Auditors.
The bottom line on that is that it must be something the CEO/CFO, and/or
others are willing to sign off on. While the SOX standard is nebulous, the penalties are not.
Jared
Received on Tue Jun 02 2009 - 15:05:10 CDT